Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0939 | 1 Testlink | 1 Testlink | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-0938 | 1 Testlink | 1 Testlink | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-2498 | 1 Simplehrm | 1 Simplehrm | 2025-04-12 | N/A |
| SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin. | ||||
| CVE-2013-3478 | 1 Apptha | 1 Video Gallery Plugin | 2025-04-12 | N/A |
| SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php. | ||||
| CVE-2014-4939 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-04-12 | N/A |
| SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | ||||
| CVE-2014-0137 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | ||||
| CVE-2014-100003 | 1 Yourmembers Project | 1 Yourmembers | 2025-04-12 | N/A |
| SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. | ||||
| CVE-2014-100019 | 1 Pomm-project | 1 Pomm | 2025-04-12 | N/A |
| SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-100031 | 1 Ismail Fahmi | 1 Ganesha Digital Library | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. | ||||
| CVE-2014-100035 | 1 Licensepal | 1 Arcticdesk | 2025-04-12 | N/A |
| SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-10004 | 1 Maianscriptworld | 1 Maian Uploader | 2025-04-12 | N/A |
| SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2014-10013 | 1 Strategy11 | 1 Awp Classifieds | 2025-04-12 | N/A |
| SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. | ||||
| CVE-2014-10015 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2014-10017 | 1 Welcart | 1 E-commerce | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. | ||||
| CVE-2014-10023 | 1 Topicsviewer | 1 Topicsviewer | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/. | ||||
| CVE-2014-10032 | 1 Scriptbrasil | 1 Taboada Macronews | 2025-04-12 | N/A |
| SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2014-10033 | 1 Oscommerce | 1 Online Merchant | 2025-04-12 | N/A |
| SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action. | ||||
| CVE-2014-10034 | 1 Couponphp | 1 Couponphp | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/. | ||||
| CVE-2014-1945 | 1 Opendocman | 1 Opendocman | 2025-04-12 | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | ||||
| CVE-2014-2022 | 1 Vbulletin | 1 Vbulletin | 2025-04-12 | N/A |
| SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. | ||||